VULHUB ™

Internet Explorer contains a flaw which could enable a remote web site operator to view the directory structure of a visiting user's system. A specially formed script containing the GetObject function with dot-dot-slash (../) sequences, along with an existing file and the ActiveX object 'htmlfile', could reveal the contents of an arbitrary directory of a visitng user system. If such a script is embedded in a web page, the user's browser will return the directory contents back to the web server.

Internet Explorer contains a flaw which could enable a remote web site operator to view the directory structure of a visiting user's system. A specially formed script containing the GetObject function with dot-dot-slash (../) sequences, along with an existing file and the ActiveX object 'htmlfile', could reveal the contents of an arbitrary directory of a visitng user system. If such a script is embedded in a web page, the user's browser will return the directory contents back to the web server.